SimonMeadows
Participant

Smart Connect Domain objects and Groups with exclusion

Hi,

I have a few more - pull request #27

  • 5dcac1d - Domain objects that already exist are imported with '_1' suffix
    • Domain objects 'Name' is the fqdn that is meaningful for dns etc.
    • I have changed it to forcibly not rename and skip any domains that already exist
    • This means any rules with the fqdn will use the already existing object
  • bd0f6cd - GroupWithExclusion does not have any ['Members']
    • The GroupWithExclusion has an ['Include'] and ['Except'] but no ['Members']
    • I have added a check for when the code reached the processGroupWithMembers function to skip it if it is a GroupWithExclusion
  • 726b02c - any not accepted as an object for rules ** IMPORTANT - not fully tested **
    • on multiple occasions I get 'WARN: Requested object [any] not found'
    • to fix I must replace all instances of "any" with "Any" in the cp_objects.json file
    • The change changes the default any object from "any" to "Any"
    • This has worked for my purposes using the smartconnector method of importing a single cisco config file
    • I have not tested with bash scripts and am sure I have not used all the places "Any" would be output by SmartMove
4 Replies
Ofir_Shikolski
Employee Alumnus

Thanks a lot!

We completed the code review and testing.

We updated the version and released it.

0 Kudos
Ofir_Shikolski
Employee Alumnus

Hi @SimonMeadows ,

Did you get our gift?

0 Kudos
SimonMeadows
Participant

Hi @Ofir_Shikolski ,

I did, thank you very much.

I have another conversion from ASA to do in a few weeks so I'll do a bit more testing on the new version.

 

0 Kudos
SimonMeadows
Participant

Hi @Ofir_Shikolski 

I found an issue with the mapping of networks where a subnet will be mapped to a larger supernet if it appears in the search result list before the subnet.

The debug output shows:

  processing network: network_172.24.47.160_29
WARN: More than one object named 'network_172.24.47.160_29' exists.
WARN: More than one network has the same IP 172.24.47.160/255.255.255.248
  REPORT: CP object network_172.16.0.0_12 is used instead of network_172.24.47.160_29
 
You can see a /29 subnet is mapped to a /12, which is undesirable.
 
I have submitted a pull request for a fix that I have tested on an import from a Cisco ASA.
It adds an extra condition to match on both subnet and subnet-mask.
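
The mapping problem described in the post above, as an added example that is not part of the original thread and is not the code from the pull request: it contrasts an order-dependent lookup with one that requires both subnet and subnet-mask to match, and scans the import log for substitutions that widen a network. The function names, the `subnet4`/`subnet-mask` field names and the search-result list are assumptions made for illustration; the log lines are the ones quoted in the post.

```python
import ipaddress
import re

# Constructed search result, supernet listed first. Field names are assumed.
SEARCH_RESULTS = [
    {"name": "network_172.16.0.0_12",
     "subnet4": "172.16.0.0", "subnet-mask": "255.240.0.0"},
    {"name": "network_172.24.47.160_29",
     "subnet4": "172.24.47.160", "subnet-mask": "255.255.255.248"},
]

def first_hit(results):
    """Order-dependent choice: whatever the search lists first wins."""
    return results[0]["name"] if results else None

def exact_match(results, subnet, mask):
    """Accept an existing object only if subnet and subnet-mask both match."""
    want = ipaddress.ip_network(f"{subnet}/{mask}")
    for obj in results:
        have = ipaddress.ip_network(f"{obj['subnet4']}/{obj['subnet-mask']}")
        if have == want:
            return obj["name"]
    return None  # no exact object found

REPORT_RE = re.compile(
    r"REPORT: CP object (network_[\d.]+_\d+) is used instead of (network_[\d.]+_\d+)")

def net_from_name(name):
    # Object names in the log follow network_<address>_<prefix length>.
    _, addr, prefix = name.split("_")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def widened_substitutions(log_text):
    """Return (requested, used) pairs where the used object is a strict supernet."""
    findings = []
    for used, requested in REPORT_RE.findall(log_text):
        req, sub = net_from_name(requested), net_from_name(used)
        if req != sub and req.subnet_of(sub):
            findings.append((requested, used))
    return findings

# Debug output quoted in the post above.
LOG = """\
  processing network: network_172.24.47.160_29
WARN: More than one object named 'network_172.24.47.160_29' exists.
WARN: More than one network has the same IP 172.24.47.160/255.255.255.248
  REPORT: CP object network_172.16.0.0_12 is used instead of network_172.24.47.160_29
"""
```

Running `widened_substitutions` over a full import log before publishing the policy lists every rule object whose scope grew during conversion.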
